TI SDK version
AM335xSDK 08_00_00_00
Build date: 02112015
http://software-dl.ti.com/sitara_linux/esd/AM335xSDK/latest/index_FDS.html
Hardware
BeagleBone Black (PCB revB3)
Summary
Using default prebuilt binaries from TI SDK package with supported hardware It was shown that hardware acceleration of cryptography leads to “bad decrypt” openssl issue
Examples from http://processors.wiki.ti.com/index.php/Sitara_Linux_Training:_Cryptography#Description_3
do not work.
In case of unloading cryptodev module the examples are ok.
Details
-
booting image preparation
-
issue reproduction sequence
Booting image preparation
The steps are taken from
http://processors.wiki.ti.com/index.php/Sitara_Linux_SDK_create_SD_card_script
+
cp ../../ti-sdk-am335x-evm-08.00.00.00/board-support/prebuilt-images/am335x-boneblack.dtb /media/boot/
Issue reproduction sequence
example 1
root@am335x-evm:~# openssl enc -p -aes-256-cbc -salt -in /usr/share/matrix-gui2.0/index.php -out index_php.enc -pass pass:123
salt=64F8B620E5292C3F
key=74DA4121DC1C0ED2A8E5B0741F824034B7D52B97B5B384EB5E14662106C74427
iv =B7D52B97B5B384EB5E14662106C74427
root@am335x-evm:~# ls -al
drwxr-sr-x 2 root root 4096 Feb 11 15:14 .
drwxr-sr-x 3 root root 4096 Feb 11 15:06 ..
-rw-r--r-- 1 root root 6000 Feb 11 15:14 index_php.enc
root@am335x-evm:~# openssl enc -d -p -aes-256-cbc -in index_php.enc -out index_hp.dec -pass pass:123
salt=64F8B620E5292C3F
key=74DA4121DC1C0ED2A8E5B0741F824034D013FFD466EE5FCC72E82895DCFD72A9
iv =D013FFD466EE5FCC72E82895DCFD72A9
bad decrypt
root@am335x-evm:~# diff /usr/share/matrix-gui-2.0/index.php index_php.dec
Files /usr/share/matrix-gui-2.0/index.php and index_php.dec differ
root@am335x-evm:~# openssl engine
(cryptodev) cryptodev engine
(dynamic) Dynamic engine loading support
But if we unload cryptodev (ie use software mode of openssl) the same example from ti site is ok
example 2
root@am335x-evm:~# rmmod -f cryptodev
[ 860.664804] Disabling lock debugging due to kernel taint
[ 860.675080] cryptodev: driver unloaded.
root@am335x-evm:~#
root@am335x-evm:~# openssl engine
(dynamic) Dynamic engine loading support
root@am335x-evm:~# rm -rf *
root@am335x-evm:~# openssl enc -p -aes-256-cbc -salt -in /usr/share/matrix-gui-.0/index.php -out index_php.enc -pass pass:123
salt=4D09CCC7DB1E5FB6
key=0EE87E934116500C077F4B6CD7639DBD0BA8DF634C05970685BB258592BDF9B3
iv =445ACAE3ECA1F3929326486954D81CFA
root@am335x-evm:~# openssl enc -d -p -aes-256-cbc -in index_php.enc -out index_p.dec -pass pass:123
salt=4D09CCC7DB1E5FB6
key=0EE87E934116500C077F4B6CD7639DBD0BA8DF634C05970685BB258592BDF9B3
iv =445ACAE3ECA1F3929326486954D81CFA
root@am335x-evm:~# diff /usr/share/matrix-gui-2.0/index.php ./index_hp.dec
root@am335x-evm:~#
Same results were received with aes128-cbc with preconfigured ivs (as ivs unexpectedly differ in example 1 ).
Has anybody faced the issue?